-
Title
Primary provider names must match for an SPS initiated RDP connection with SPP -
Description
The primary provider names must match for a Safeguard for Privilege Sessions (SPS) 6.6 initiated RDP connection with Safeguard for Privilege Passwords (SPP) versions 2.11.2, 6.6, and 6.0.6.
-
Cause
When SPS initiates an RDP connection with SPP and the primary provider names do not match the connection will fail. For example, in SPS the provider name test will not match the SPP provider name test.demo. When the provider names do not match, SPP cannot resolve the SPP user to the SPS user for running the session.
-
Resolution
Make sure the user and provider of the SPS gateway user matches the username and primaryProviderName that SPS employs to identify the user.
- In the SPS log, identify the SPS forUser and forProvider that was sent to SPP from SPS.
- Match that against the username and primaryProviderName for the user in SPP. During connection, two checks are performed in the following order.
- Active Directory users are matched.
- SPS DomainName = SPP primaryProviderName and
SPS UserName = SPP username - SPS NetbiosName = SPP primaryProviderName and
SPS UserName = SPP username
- All other users are matched.
- SPS PrimaryAuthProviderName = SPP primaryProviderName and
SPS UserName = SPP username - SPS IdentityProviderName = SPP primaryProviderName and
SPS UserName = SPP username
3. When RDP prompts for the user and domain, provide the correct information. The target server username is case sensitive and it must match the managed account that exists in SPP. In addition, you may need to provide an actual Active Directory domain rather than another way SPS may define the AD directory.